no, the only way is with the SDB file from the IT teams database. Slaving it won't work.
This is security software remember - it's designed to make it impossible for someone unauthorized to access the data.
Even if you slave the original hdd you still need the sdb file belonging to that particular node.
Only then the machine key used to encrypt the data will be available.
The only other way is to authenticate locally from sbfs which i guess isnt working.
As you probably guessed sdb file indeed varies with each machine.
So I suppose you are left to the mercy of your server admin..
Mr. safeboot, let me ask one question. Does new sdb file generated each time we reinstall OS? I called one of the data recovery vendor and he is asking for old sdb file. If our IT department don't have old sdb file then how we can recover the data or it is impossible?
It's not a file - it's a database entry, and yes, by default a new one is created for every activation.
BUT as in my post above, it's possible for companies to use scripts and automation etc to overcome that safety measure.
Take a look in your client log (the EEPC tool tray icon) - if the activation log is still in there, and your machine name ends in 0001,0002 etc the chances are a new record was created and the old one still exists. That log gets purged pretty quickly though.
So what you are saying is in activation log I can find the old and new entry both? Also, I use the same name for the computer and my IT dept rep is saying it is database entry for sdb file is overwritten on their side.
Where does usually this activation log is located?
no, I am saying the log could give you a clue as to whether the DB record was overwritten or not.
you can find the log by right clicking the EEPC monitor/status icon in your tool tray.
It doesnt matter what computer name you use, though if you used a NEW name, it's highly likely there will be two records in the recovery db, one for each name. If you re-used the original name, there would normally be one record under name, and one under name0001 etc.
BUT as I said, your IT team could be cleaning old records up.
For the SDB record to be overwritten, they would have either had to delete it themselves, or use some scripting/automation. EEPC never deletes this kind of thing on its own for exactly the reason you are experiencing.
Thank you for this thread. I have started a new position and have been handed the task of trying to recover data from two systems that have eepc installed and after running chkdsk on the drives neither will boot to the desktop. They constantly loop trying to repair startup. At least now I know what not to try. This is a very large company and I am having trouble locating the proper IT support. They do not call it "Endpoint encryption server admin" in this company. Is there anyone who has worked for Dupont who would know the proper name?